Currently Being ModeratedJul 6, 2011 3:19 PM (in response to Bartzy~)
Use the iPhone Configuration Utility to import the pfx into a new configuration profile. Once you have it in there, use the Export feature to export the configuration profile and it will give you a .mobileconfig file. Once you have this file, you can use the whole thing or just the part you need from it. It's just a regular xml file that conforms to some schema from Apple.
Currently Being ModeratedJul 6, 2011 4:03 PM (in response to flowershark)
I'm trying to manually create the mobileconfig (through a script), and "inject" the certificate into the mobileconfig file. I can't determine how to turn the PFX into the string in the mobileconfig.
Currently Being ModeratedMar 1, 2012 2:43 AM (in response to Bartzy~)
I am trying to do the same thing. Did you find out how to do this ?
Currently Being ModeratedMar 1, 2012 3:03 AM (in response to elisonniven)
It was a while back, so I may not remember exactly - but I think I just configured each certificate manually via the iPhone Configuration Utility at the end.
Currently Being ModeratedMar 1, 2012 3:06 AM (in response to Bartzy~)
Thanks, aargh why can't apple keep things simple ?
Currently Being ModeratedMar 7, 2012 4:28 AM (in response to Bartzy~)
you can convert a pfx/p12 file with openssl or with Microsoft certutil utility.
openssl enc -a -in user.p12 -out user.enc
certutil.exe -encode user.p12 user.enc
Merge the new user.enc file into your unsigned mobileconfig file.
Currently Being ModeratedMar 7, 2012 5:01 AM (in response to Bartzy~)
Thanks. The command you gave is for base64 encoding.
Yes it works, But the strange thing is that my generated .mobileconfig is not the same as that generated by Apple iPhone configuration utility.
Currently Being ModeratedMar 7, 2012 6:47 AM (in response to elisonniven)
Yes, the key container GUID and the cert container GUID are different. That's normal.
You can reproduce this:
Delete the cert in windows mmc/certificate console, reimport the same cert in mmc/certificate and import this cert in iPCU. You can see the difference in mobileconfig.
Catch only the cert part from mobileconfig and dump it with <certutil.exe -v user.enc>. You see different container GUIDs.
I hope this helps.
Currently Being ModeratedMar 10, 2012 5:23 AM (in response to Bartzy~)
Thanks for the explanation !
Currently Being ModeratedOct 5, 2012 7:14 AM (in response to fredfrombern (zollikofen))
Hi All, Hi Fred.
I am trying to "Merge the new user.enc file into your unsigned mobileconfig file."
What is the best (Mac) command line tool for this?
sed does not like the line breaks or the "\" character.